White & Case Technology Newsflash

The Technology Newsflash contains articles and timely updates on the latest technology, outsourcing and privacy legal issues and trends affecting businesses today. We encourage you to visit the site often as it is updated regularly. We welcome any questions about the topics covered here and those relating to our global capabilities.

Rapid developments in information technology are changing how people work, consume, play and interact. Government policy will influence the direction of technological developments, and laws and regulations will undoubtedly need to change to address the new reality.

In its recent In re Micron Tech opinion, the Court of Appeals for the Federal Circuit answered one of the most hotly contested issues springing from the wake of TC Heartland—does the Supreme Court's TC Heartland opinion qualify as a change-of-law such that an alleged infringer who failed to raise the defense of improper venue pre-TC Heartland will not be adjudged to have waived the defense?

On September 18, 2017, the Ministry of Finance and Public Credit (SHCP) submitted to the Mexican Federal Commission for Regulatory Efficiency (Comisión Federal de Mejora Regulatoria, COFEMER) the draft bill of the Law Regulating the Financial Technology Institutions (also known as, the "FinTech Law"), which was published on the Commission's website.

Virtual currency and blockchain are steadily becoming part of mainstream financial services. In recent weeks, developments in corporate law, securities regulations, financial crimes enforcement and state legislation have moved these technologies ever closer to full legitimacy.

Investors continue to flock to Israel, as innovation and technological advancements create fertile ground for M&AInvestors continue to flock to Israel, as innovation and technological advancements create fertile ground for M&A.

The European Commission has published a draft Regulation regarding cookies and electronic direct marketing. EU regulators have publicly welcomed the proposal, which has potentially significant consequences for all businesses that engage in online commerce or electronic direct marketing.

The U.S. International Trade Administration will begin accepting self-certifications for the Swiss-U.S. Privacy Shield on Wednesday, April 12th. While rooted in the same principles as the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield contains several distinctions and important requirements for organizations seeking to transfer Swiss personal data to the United States.

The Article 29 Working Party has released new procedural documentation regarding Privacy Shield and individuals' complaints about misuse of their personal data. This comes against a backdrop of concern that a recent US Presidential Order may undermine certain protections offered by Privacy Shield.

The UK Information Commissioner's Office has issued fines to two businesses for unlawfully sending emails to individuals to ask about their marketing preferences. These cases emphasise the fact that "marketing" in this context is a very broad concept, and is not limited to sales and promotional activities.

The English Court of Appeal has ruled in two recent cases that subject access requests are generally valid, and businesses must comply with such requests, even if they are made for collateral purposes, such as collecting information for use in litigation. However, the court also clarified that the subject access regime only requires businesses to conduct a reasonable and proportionate search – not an exhaustive search.

The English Court of Appeal has confirmed in a recent case that data protection claims may be brought hand-in-hand with defamation claims. The case provides a reminder to businesses that the use of data protection as a weapon in litigation is growing ever more commonplace.

As discussed in our March 1, 2017 update, the New York Department of Financial Services ("NYDFS") issued final regulations that require New York banks and insurance companies, as well as other financial services companies that are supervised by the NYDFS—including New York state-licensed branches and agencies of non-US banks—to establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York's financial services industry ("Cybersecurity Regulations").

Subject Access Requests ("SARs") are an increasingly popular weapon in litigation, because they can be used to provide a cheap and quick form of pre-action disclosure. However, courts have confirmed that information subject to legal professional privilege ("LPP") does not need to be disclosed in response to a SAR, unless the person making the SAR has a "prima facie case" that the party relying on LPP is doing so to hide some form of wrongdoing.

The EU's Article 29 Working Party has published new Guidelines on the role of Data Protection Officers under the General Data Protection Regulation. Data Protection Officers are seen as a cornerstone of data protection compliance, and many businesses will be subject to a mandatory obligation to appoint a Data Protection Officer.